Skip to content
KYRA MDR Documentation

Security Overview

Platform Security

KYRA AI MDR is built with security-first principles, implementing defense-in-depth across all platform layers. As a security product handling sensitive customer data, the platform exceeds industry standards for data protection, access control, and operational security.

Multi-Tenant Isolation

Data Isolation

  • Row-level tenant isolation on all data tables
  • Tenant context enforced at the application layer on every request
  • Cross-tenant access prevention validated at multiple checkpoints
  • Per-tenant encryption keys for data at rest

Network Isolation

  • Private network segments with no direct internet exposure
  • Encrypted communications between all platform components
  • Mutual TLS authentication for inter-service communication
  • Web Application Firewall (WAF) protection on all public endpoints

Authentication & Authorization

Authentication

  • JWT-based authentication with configurable token lifetime
  • SSO integration (OIDC) with Okta, Azure AD, Google, and custom providers
  • TOTP-based two-factor authentication with backup recovery codes
  • API key management for programmatic access

Authorization

  • Role-based access control (RBAC) with three built-in roles: Admin, Analyst, Viewer
  • Fine-grained permission model with domain-level access controls
  • Method-level authorization enforcement
  • Comprehensive audit logging of all access and actions

Encryption

Data at Rest

  • AES-256 encryption for all stored data
  • Customer-managed encryption keys
  • Encrypted backups and archives
  • Secure key rotation procedures

Data in Transit

  • TLS 1.3 for all client-to-platform communication
  • Mutual TLS for collector-to-platform connections
  • Encrypted inter-service communication
  • Certificate management with automatic rotation

API Security

  • Per-tenant rate limiting based on service tier
  • Request validation and input sanitization
  • CORS protection with origin allowlisting
  • Security headers on all responses (X-Frame-Options, CSP, HSTS)
  • API versioning for backwards-compatible updates

Secrets Management

  • Centralized secrets management with automatic rotation
  • No plaintext credentials in configuration
  • Encrypted environment variable handling
  • Audit trail for all secret access

Monitoring & Incident Response

  • Real-time security monitoring of platform infrastructure
  • Automated alerting on suspicious platform activity
  • Defined incident response procedures for platform security events
  • Regular security assessments and penetration testing

Compliance

The platform supports compliance with:

  • SOC 2 Type II: Security, availability, and confidentiality controls
  • ISO 27001: Information security management system
  • GDPR: Data residency, right to erasure, data portability
  • HIPAA: Healthcare data protection (BAA available)
  • PCI DSS: Payment card industry compliance
  • ISMS-P: Korean information security management system

Vulnerability Management

  • Regular dependency scanning and patching
  • Container image scanning before deployment
  • Automated security testing in CI/CD pipeline
  • Responsible disclosure program